138.68.41.161 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Oct 5 13:00:43 server sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 user=r.r Oct 5 13:00:44 server sshd[12965]: Failed password for r.r from 138.68.41.161 port 60644 ssh2 Oct 5 13:00:44 server sshd[12965]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth] Oct 5 13:16:32 server sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 user=r.r Oct 5 13:16:34 server sshd[13363]: Failed password for r.r from 138.68.41.161 port 54836 ssh2 Oct 5 13:16:34 server sshd[13363]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth] Oct 5 13:20:19 server sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 user=r.r Oct 5 13:20:21 server sshd[13462]: Failed password for r.r from 138.68.41.161 port 39438 ssh2 Oct 5 13:20:21 server sshd[13462]: Received disconnect fro........ -------------------------------	2019-10-09 19:10:35
attackspambots	Oct 5 13:00:43 server sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 user=r.r Oct 5 13:00:44 server sshd[12965]: Failed password for r.r from 138.68.41.161 port 60644 ssh2 Oct 5 13:00:44 server sshd[12965]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth] Oct 5 13:16:32 server sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 user=r.r Oct 5 13:16:34 server sshd[13363]: Failed password for r.r from 138.68.41.161 port 54836 ssh2 Oct 5 13:16:34 server sshd[13363]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth] Oct 5 13:20:19 server sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 user=r.r Oct 5 13:20:21 server sshd[13462]: Failed password for r.r from 138.68.41.161 port 39438 ssh2 Oct 5 13:20:21 server sshd[13462]: Received disconnect fro........ -------------------------------	2019-10-08 20:29:05
attackspambots	Oct 6 22:42:56 localhost sshd\[82683\]: Invalid user Admin@900 from 138.68.41.161 port 42976 Oct 6 22:42:56 localhost sshd\[82683\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 Oct 6 22:42:58 localhost sshd\[82683\]: Failed password for invalid user Admin@900 from 138.68.41.161 port 42976 ssh2 Oct 6 22:47:16 localhost sshd\[82806\]: Invalid user Wachtwoord@2017 from 138.68.41.161 port 55930 Oct 6 22:47:16 localhost sshd\[82806\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161 ...	2019-10-07 07:17:33

类型

评论内容

时间

attack

Oct  5 13:00:43 server sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:00:44 server sshd[12965]: Failed password for r.r from 138.68.41.161 port 60644 ssh2
Oct  5 13:00:44 server sshd[12965]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:16:32 server sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:16:34 server sshd[13363]: Failed password for r.r from 138.68.41.161 port 54836 ssh2
Oct  5 13:16:34 server sshd[13363]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:20:19 server sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:20:21 server sshd[13462]: Failed password for r.r from 138.68.41.161 port 39438 ssh2
Oct  5 13:20:21 server sshd[13462]: Received disconnect fro........
-------------------------------

2019-10-09 19:10:35

attackspambots

Oct  5 13:00:43 server sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:00:44 server sshd[12965]: Failed password for r.r from 138.68.41.161 port 60644 ssh2
Oct  5 13:00:44 server sshd[12965]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:16:32 server sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:16:34 server sshd[13363]: Failed password for r.r from 138.68.41.161 port 54836 ssh2
Oct  5 13:16:34 server sshd[13363]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:20:19 server sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:20:21 server sshd[13462]: Failed password for r.r from 138.68.41.161 port 39438 ssh2
Oct  5 13:20:21 server sshd[13462]: Received disconnect fro........
-------------------------------

2019-10-08 20:29:05

attackspambots

Oct  6 22:42:56 localhost sshd\[82683\]: Invalid user Admin@900 from 138.68.41.161 port 42976
Oct  6 22:42:56 localhost sshd\[82683\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161
Oct  6 22:42:58 localhost sshd\[82683\]: Failed password for invalid user Admin@900 from 138.68.41.161 port 42976 ssh2
Oct  6 22:47:16 localhost sshd\[82806\]: Invalid user Wachtwoord@2017 from 138.68.41.161 port 55930
Oct  6 22:47:16 localhost sshd\[82806\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161
...

2019-10-07 07:17:33

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.41.74	attack	GET /wp-login.php HTTP/1.1 200 2044 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0	2020-02-23 13:57:57
138.68.41.137	attackbots	[portscan] tcp/22 [SSH] *(RWIN=65535)(02041302)	2020-02-04 18:46:13
138.68.41.79	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-12-18 00:08:02
138.68.41.207	attackspam	Automatic report - XMLRPC Attack	2019-10-30 14:07:58
138.68.41.255	attackspambots	Brute force SMTP login attempted. ...	2019-08-10 02:25:50
138.68.41.127	attack	2019-07-27T11:17:57.641206abusebot-5.cloudsearch.cf sshd\[22502\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.127 user=root	2019-07-27 22:22:15
138.68.41.178	attackbots	10s of requests to none existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined node-superagent/4.1.0	2019-07-12 05:57:54

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.41.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20494
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.41.161.			IN	A

;; AUTHORITY SECTION:
.			504	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100601 1800 900 604800 86400

;; Query time: 362 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Oct 07 07:17:30 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 161.41.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 161.41.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
37.221.179.46	attackbots	Oct 7 22:46:43 icinga sshd[51116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.221.179.46 Oct 7 22:46:45 icinga sshd[51116]: Failed password for invalid user admin from 37.221.179.46 port 44878 ssh2 Oct 7 22:46:48 icinga sshd[51303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.221.179.46 ...	2020-10-09 04:40:43
27.68.25.196	attackbotsspam	TCP (SYN) 27.68.25.196:9447 -> port 23, len 44	2020-10-09 04:22:22
212.47.238.207	attackspambots	Brute-force attempt banned	2020-10-09 04:36:48
210.12.130.161	attackspambots	IP 210.12.130.161 attacked honeypot on port: 1433 at 10/7/2020 1:46:22 PM	2020-10-09 04:44:47
114.67.246.133	attackspam	Oct 8 22:16:55 ns392434 sshd[10562]: Invalid user testuser from 114.67.246.133 port 40676 Oct 8 22:16:55 ns392434 sshd[10562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.246.133 Oct 8 22:16:55 ns392434 sshd[10562]: Invalid user testuser from 114.67.246.133 port 40676 Oct 8 22:16:57 ns392434 sshd[10562]: Failed password for invalid user testuser from 114.67.246.133 port 40676 ssh2 Oct 8 22:19:45 ns392434 sshd[10582]: Invalid user test from 114.67.246.133 port 42286 Oct 8 22:19:45 ns392434 sshd[10582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.246.133 Oct 8 22:19:45 ns392434 sshd[10582]: Invalid user test from 114.67.246.133 port 42286 Oct 8 22:19:46 ns392434 sshd[10582]: Failed password for invalid user test from 114.67.246.133 port 42286 ssh2 Oct 8 22:21:20 ns392434 sshd[10676]: Invalid user user4 from 114.67.246.133 port 35862	2020-10-09 04:21:45
112.85.42.151	attack	Oct 8 22:46:28 * sshd[13288]: Failed password for root from 112.85.42.151 port 65324 ssh2 Oct 8 22:46:41 * sshd[13288]: error: maximum authentication attempts exceeded for root from 112.85.42.151 port 65324 ssh2 [preauth]	2020-10-09 04:49:44
140.143.196.66	attack	2020-10-08T18:22:58.013303ionos.janbro.de sshd[233881]: Invalid user ftpuser1 from 140.143.196.66 port 46506 2020-10-08T18:22:58.757718ionos.janbro.de sshd[233881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.196.66 2020-10-08T18:22:58.013303ionos.janbro.de sshd[233881]: Invalid user ftpuser1 from 140.143.196.66 port 46506 2020-10-08T18:23:00.981235ionos.janbro.de sshd[233881]: Failed password for invalid user ftpuser1 from 140.143.196.66 port 46506 ssh2 2020-10-08T18:26:49.571743ionos.janbro.de sshd[233923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.196.66 user=sync 2020-10-08T18:26:51.818853ionos.janbro.de sshd[233923]: Failed password for sync from 140.143.196.66 port 60724 ssh2 2020-10-08T18:30:38.997114ionos.janbro.de sshd[233937]: Invalid user web from 140.143.196.66 port 46710 2020-10-08T18:30:39.477031ionos.janbro.de sshd[233937]: pam_unix(sshd:auth): authentication failur ...	2020-10-09 04:24:33
34.126.118.178	attackbotsspam	2020-10-08T20:48:31.499462shield sshd\[11823\]: Invalid user ftpuser1 from 34.126.118.178 port 1060 2020-10-08T20:48:31.510174shield sshd\[11823\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.118.126.34.bc.googleusercontent.com 2020-10-08T20:48:33.272636shield sshd\[11823\]: Failed password for invalid user ftpuser1 from 34.126.118.178 port 1060 ssh2 2020-10-08T20:52:32.082832shield sshd\[12407\]: Invalid user chris from 34.126.118.178 port 1071 2020-10-08T20:52:32.090016shield sshd\[12407\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.118.126.34.bc.googleusercontent.com	2020-10-09 04:54:08
128.199.122.121	attack	Oct 8 16:36:46 haigwepa sshd[4226]: Failed password for root from 128.199.122.121 port 52552 ssh2 ...	2020-10-09 04:34:43
101.231.124.6	attackbots	Triggered by Fail2Ban at Ares web server	2020-10-09 04:54:47
171.248.62.65	attackbots	Unauthorized connection attempt detected from IP address 171.248.62.65 to port 23 [T]	2020-10-09 04:26:58
119.45.39.188	attackspambots	Lines containing failures of 119.45.39.188 Oct 5 06:13:19 shared07 sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.45.39.188 user=r.r Oct 5 06:13:21 shared07 sshd[12500]: Failed password for r.r from 119.45.39.188 port 59724 ssh2 Oct 5 06:13:22 shared07 sshd[12500]: Received disconnect from 119.45.39.188 port 59724:11: Bye Bye [preauth] Oct 5 06:13:22 shared07 sshd[12500]: Disconnected from authenticating user r.r 119.45.39.188 port 59724 [preauth] Oct 5 06:23:48 shared07 sshd[17206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.45.39.188 user=r.r Oct 5 06:23:50 shared07 sshd[17206]: Failed password for r.r from 119.45.39.188 port 45320 ssh2 Oct 5 06:23:51 shared07 sshd[17206]: Received disconnect from 119.45.39.188 port 45320:11: Bye Bye [preauth] Oct 5 06:23:51 shared07 sshd[17206]: Disconnected from authenticating user r.r 119.45.39.188 port 45320 [preauth........ ------------------------------	2020-10-09 04:54:32
18.162.109.62	attack	Lines containing failures of 18.162.109.62 Oct 5 11:51:47 www sshd[31558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.162.109.62 user=r.r Oct 5 11:51:48 www sshd[31558]: Failed password for r.r from 18.162.109.62 port 53092 ssh2 Oct 5 11:51:49 www sshd[31558]: Received disconnect from 18.162.109.62 port 53092:11: Bye Bye [preauth] Oct 5 11:51:49 www sshd[31558]: Disconnected from authenticating user r.r 18.162.109.62 port 53092 [preauth] Oct 5 12:00:24 www sshd[1055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.162.109.62 user=r.r Oct 5 12:00:26 www sshd[1055]: Failed password for r.r from 18.162.109.62 port 51652 ssh2 Oct 5 12:00:26 www sshd[1055]: Received disconnect from 18.162.109.62 port 51652:11: Bye Bye [preauth] Oct 5 12:00:26 www sshd[1055]: Disconnected from authenticating user r.r 18.162.109.62 port 51652 [preauth] Oct 5 12:04:11 www sshd[1673]: pam_unix(s........ ------------------------------	2020-10-09 04:33:09
27.77.200.241	attackbotsspam	TCP (SYN) 27.77.200.241:12600 -> port 23, len 40	2020-10-09 04:49:08
218.92.0.247	attackspambots	Oct 8 22:32:57 server sshd[11430]: Failed none for root from 218.92.0.247 port 14381 ssh2 Oct 8 22:32:59 server sshd[11430]: Failed password for root from 218.92.0.247 port 14381 ssh2 Oct 8 22:33:03 server sshd[11430]: Failed password for root from 218.92.0.247 port 14381 ssh2	2020-10-09 04:38:11

最近上报的IP列表

71.139.227.104	198.206.209.114	14.32.14.161	109.209.226.244
176.107.133.97	1.58.9.123	4.182.123.67	52.167.8.80
156.8.84.249	215.44.181.85	163.9.218.195	162.86.121.246
172.70.37.205	55.64.145.52	31.235.50.147	79.96.99.125
199.136.162.217	200.69.146.44	222.242.172.2	64.243.41.243